NATO

By Amit Kumar Sharma

November 25, 2024

Privacy Commissioner Philippe Dufresne recently announced that his office will investigate the data breaches at Canada Revenue Agency resulting from cyberattacks dating back to 2020. That’s more than 30,000 privacy breaches impacting 62,000 Canadian taxpayers.

Unfortunately, such breaches have become all too common.

A recent IBM report sounded the alarm on the critical need for robust data protection measures, revealing that Canada experiences an alarming 75 data breaches every day. The IBM Cost of Data Breach Report 2024 highlights the profound financial and reputational impacts of these cyberattacks, urging businesses and organizations to fortify their defenses against the escalating threat of cybercrime.

According to IBM, the average cost incurred by Canadian companies due to data breaches, including incidents such as phishing attacks and stolen or compromised credentials, has reached a staggering $6.3 million. This figure encompasses a wide range of expenses, from detection and legal services to crisis management, regulatory fines, consumer reparations and lost business opportunities. The report underscores the significant ramifications of data breaches, which extend beyond financial loss to affect consumer trust and market stability.

The repercussions of data breaches are not limited to compromised personal information; they also have a broader economic impact. Companies often pass the costs of breach mitigation on to consumers through increased prices. This cascade effect highlights the urgency for all stakeholders — businesses, government entities, and individuals — to prioritize data security.

In today’s digital world, the safeguarding of sensitive personal information is more critical than ever. With the rapid growth of online services and increasing reliance on digital platforms, the protection of personal data has become a cornerstone of trust between individuals and organizations. As cyber threats evolve, the need for effective data security measures is paramount to protect citizens and maintain public confidence.

Organizations handling vast amounts of personal data must implement robust Information Security Management Systems (ISMS) that prioritize a comprehensive approach, integrating people, processes, and technology. This commitment to data protection ensures compliance with complex and evolving regulations, such as those anticipated under emerging laws such as Bill C-27, the Digital Charter Implementation Act.

According to IBM, the average cost incurred by Canadian companies due to data breaches, including incidents such as phishing attacks and stolen or compromised credentials, has reached a staggering $6.3 million.

In this context, recent discussions by Canadian parliamentary committees examining artificial intelligence (AI) and privacy have underscored the need for a comprehensive framework to address data protection challenges. Bill C-27, which aims to modernize Canada’s privacy laws, rules around generative AI, and implementing a digital charter, emphasizes accountability and transparency in data handling.

As Innovation, Science and Industry Minister François-Philippe Champagne told the Standing Committee on Industry and Technology (INDU) currently studying the bill, there is an urgent need to pass the legislation. “Let us recall that our laws were last updated more than 20 years ago. The last time we did the necessary work for Canadians was more than 20 years ago, before Facebook, Twitter and iPhones even existed. So you can imagine how important it is to act quickly and decisively,” Champagne said. “In my view, we cannot miss out on the opportunity to modernize privacy laws for Canadians, who are waiting for concrete action.”

He noted technology is evolving quickly and the legislation is a “much-needed response” to the challenges facing Canadians, businesses and governments. “It will build a stronger framework for privacy protection, and it will introduce a new framework for the regulation of artificial intelligence, putting into practice the principles of Canada’s digital charter,” he said.

As the committee continues its study, strong regulatory oversight to ensure that organizations are not only held accountable for data breaches but also incentivized to adopt best practices in data protection should be considered.

Raising awareness about data security is essential not only within organizations but among external stakeholders. This collaborative effort fosters a culture of responsibility that underscores the importance of protecting personal information.

Successful partnerships among digital and tech organizations and governmental bodies hinge on transparent, open communication and a deep understanding of shared goals. Such collaboration is crucial in addressing the myriad challenges that arise in the digital landscape. By effectively managing incidents, planning for capacity, and delivering transformative services, organizations can better support governments and contribute to their success.

The recent increase in cyberattacks highlights the urgency of implementing proactive data security measures. It is vital for all organizations to enhance their security protocols to safeguard personal information and maintain consumer trust. Only through robust collaboration and adherence to evolving legal standards can we aspire to build a secure and trustworthy digital future for all.

Amit Kumar Sharma is head of the Americas for VFS Global, one of the world’s largest outsourcing and technology services specialists for governments and diplomatic missions.